[PATCH] rust: uaccess: use to_result for error handling

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] rust: uaccess: use to_result for error handling
@ 2025-08-21  9:19 Onur Özkan
  2025-08-21 11:04 ` Alice Ryhl
  2025-08-25 22:57 ` Elle Rhumsaa
  0 siblings, 2 replies; 5+ messages in thread
From: Onur Özkan @ 2025-08-21  9:19 UTC (permalink / raw)
  To: rust-for-linux
  Cc: ojeda, alex.gaynor, boqun.feng, gary, bjorn3_gh, lossin,
	a.hindborg, aliceryhl, tmgross, dakr, tamird, linux-kernel,
	Onur Özkan

Simplifies error handling by replacing the manual check
of the return value with the `to_result` helper.

Signed-off-by: Onur Özkan <work@onurozkan.dev>
---
 rust/kernel/uaccess.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
index a8fb4764185a..9992eece2694 100644
--- a/rust/kernel/uaccess.rs
+++ b/rust/kernel/uaccess.rs
@@ -7,7 +7,7 @@
 use crate::{
     alloc::{Allocator, Flags},
     bindings,
-    error::Result,
+    error::{to_result, Result},
     ffi::{c_char, c_void},
     prelude::*,
     transmute::{AsBytes, FromBytes},
@@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
         )
     };

-    if res < 0 {
-        return Err(Error::from_errno(res as i32));
-    }
+    to_result(res as i32)?;

     #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
     assert!(res <= len);
--
2.50.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] rust: uaccess: use to_result for error handling
  2025-08-21  9:19 [PATCH] rust: uaccess: use to_result for error handling Onur Özkan
@ 2025-08-21 11:04 ` Alice Ryhl
  2025-08-22  5:02   ` Onur Özkan
  2025-08-25 22:57 ` Elle Rhumsaa
  1 sibling, 1 reply; 5+ messages in thread
From: Alice Ryhl @ 2025-08-21 11:04 UTC (permalink / raw)
  To: Onur Özkan
  Cc: rust-for-linux, ojeda, alex.gaynor, boqun.feng, gary, bjorn3_gh,
	lossin, a.hindborg, tmgross, dakr, tamird, linux-kernel

On Thu, Aug 21, 2025 at 11:19 AM Onur Özkan <work@onurozkan.dev> wrote:
>
> Simplifies error handling by replacing the manual check
> of the return value with the `to_result` helper.
>
> Signed-off-by: Onur Özkan <work@onurozkan.dev>
> ---
>  rust/kernel/uaccess.rs | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> index a8fb4764185a..9992eece2694 100644
> --- a/rust/kernel/uaccess.rs
> +++ b/rust/kernel/uaccess.rs
> @@ -7,7 +7,7 @@
>  use crate::{
>      alloc::{Allocator, Flags},
>      bindings,
> -    error::Result,
> +    error::{to_result, Result},
>      ffi::{c_char, c_void},
>      prelude::*,
>      transmute::{AsBytes, FromBytes},
> @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
>          )
>      };
>
> -    if res < 0 {
> -        return Err(Error::from_errno(res as i32));
> -    }
> +    to_result(res as i32)?;

This is wrong. The type of `res` is isize, and casting a positive
isize to i32 can result in a negative number and incorrectly trigger
this error. For example: 2147483650i64 as i32 is -2147483646.

Alice

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] rust: uaccess: use to_result for error handling
  2025-08-21 11:04 ` Alice Ryhl
@ 2025-08-22  5:02   ` Onur Özkan
  2025-08-22 20:24     ` Miguel Ojeda
  0 siblings, 1 reply; 5+ messages in thread
From: Onur Özkan @ 2025-08-22  5:02 UTC (permalink / raw)
  To: Alice Ryhl
  Cc: rust-for-linux, ojeda, alex.gaynor, boqun.feng, gary, bjorn3_gh,
	lossin, a.hindborg, tmgross, dakr, tamird, linux-kernel

On Thu, 21 Aug 2025 13:04:18 +0200
Alice Ryhl <aliceryhl@google.com> wrote:

> On Thu, Aug 21, 2025 at 11:19 AM Onur Özkan <work@onurozkan.dev>
> wrote:
> >
> > Simplifies error handling by replacing the manual check
> > of the return value with the `to_result` helper.
> >
> > Signed-off-by: Onur Özkan <work@onurozkan.dev>
> > ---
> >  rust/kernel/uaccess.rs | 6 ++----
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> > index a8fb4764185a..9992eece2694 100644
> > --- a/rust/kernel/uaccess.rs
> > +++ b/rust/kernel/uaccess.rs
> > @@ -7,7 +7,7 @@
> >  use crate::{
> >      alloc::{Allocator, Flags},
> >      bindings,
> > -    error::Result,
> > +    error::{to_result, Result},
> >      ffi::{c_char, c_void},
> >      prelude::*,
> >      transmute::{AsBytes, FromBytes},
> > @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut
> > [MaybeUninit<u8>], src: UserPtr) -> Result<us )
> >      };
> >
> > -    if res < 0 {
> > -        return Err(Error::from_errno(res as i32));
> > -    }
> > +    to_result(res as i32)?;
> 
> This is wrong. The type of `res` is isize, and casting a positive
> isize to i32 can result in a negative number and incorrectly trigger
> this error. For example: 2147483650i64 as i32 is -2147483646.
> 
> Alice

Nice catch. I could use `try_into().unwrap_or(0)` but that feels a bit
iffy since it would silently avoid the error if `isize` happens to be
much smaller than what `i32` can handle (though I am not sure if it's
possible in practice in the kernel codebase). Let's just ignore this
patch.

Thanks,
Onur

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] rust: uaccess: use to_result for error handling
  2025-08-22  5:02   ` Onur Özkan
@ 2025-08-22 20:24     ` Miguel Ojeda
  0 siblings, 0 replies; 5+ messages in thread
From: Miguel Ojeda @ 2025-08-22 20:24 UTC (permalink / raw)
  To: Onur Özkan
  Cc: Alice Ryhl, rust-for-linux, ojeda, alex.gaynor, boqun.feng, gary,
	bjorn3_gh, lossin, a.hindborg, tmgross, dakr, tamird,
	linux-kernel

On Fri, Aug 22, 2025 at 7:03 AM Onur Özkan <work@onurozkan.dev> wrote:
>
> Nice catch. I could use `try_into().unwrap_or(0)` but that feels a bit
> iffy since it would silently avoid the error if `isize` happens to be
> much smaller than what `i32` can handle (though I am not sure if it's
> possible in practice in the kernel codebase). Let's just ignore this
> patch.

`isize` is at least 32-bit, but I am not sure that would be more readable.

If we want to make all these cases go through a `to_result`-like
function, then we may want to have variants of that and so on instead
-- Onur created this related Zulip thread:

    https://rust-for-linux.zulipchat.com/#narrow/channel/288089-General/topic/returning.20.60Ok.28c_int.29.60.20instead.20of.20.60Ok.28.28.29.29.60.20on.20.60to_result.60/near/535616940

Similarly, we also may want to have a function or similar that allows
to perform such infallible casts (that are not infallible in general
Rust but are in the kernel); for reference, a similar recent
discussion at:

    https://lore.kernel.org/rust-for-linux/CANiq72nW=XuUFqOB-6XavOPXtpbkHsagEkYvcD2JfCEiopYo=Q@mail.gmail.com/

Thanks!

Cheers,
Miguel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] rust: uaccess: use to_result for error handling
  2025-08-21  9:19 [PATCH] rust: uaccess: use to_result for error handling Onur Özkan
  2025-08-21 11:04 ` Alice Ryhl
@ 2025-08-25 22:57 ` Elle Rhumsaa
  1 sibling, 0 replies; 5+ messages in thread
From: Elle Rhumsaa @ 2025-08-25 22:57 UTC (permalink / raw)
  To: Onur Özkan
  Cc: rust-for-linux, ojeda, alex.gaynor, boqun.feng, gary, bjorn3_gh,
	lossin, a.hindborg, aliceryhl, tmgross, dakr, tamird,
	linux-kernel

On Thu, Aug 21, 2025 at 12:19:39PM +0300, Onur Özkan wrote:
> Simplifies error handling by replacing the manual check
> of the return value with the `to_result` helper.
> 
> Signed-off-by: Onur Özkan <work@onurozkan.dev>
> ---
>  rust/kernel/uaccess.rs | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> index a8fb4764185a..9992eece2694 100644
> --- a/rust/kernel/uaccess.rs
> +++ b/rust/kernel/uaccess.rs
> @@ -7,7 +7,7 @@
>  use crate::{
>      alloc::{Allocator, Flags},
>      bindings,
> -    error::Result,
> +    error::{to_result, Result},
>      ffi::{c_char, c_void},
>      prelude::*,
>      transmute::{AsBytes, FromBytes},
> @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
>          )
>      };
> 
> -    if res < 0 {
> -        return Err(Error::from_errno(res as i32));
> -    }
> +    to_result(res as i32)?;
> 
>      #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
>      assert!(res <= len);
> --
> 2.50.0

Reviewed-by: Elle Rhumsaa <elle@weathered-steel.dev>

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-08-25 22:57 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-21  9:19 [PATCH] rust: uaccess: use to_result for error handling Onur Özkan
2025-08-21 11:04 ` Alice Ryhl
2025-08-22  5:02   ` Onur Özkan
2025-08-22 20:24     ` Miguel Ojeda
2025-08-25 22:57 ` Elle Rhumsaa

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).